The pseudorandom writings of a pseudonerd

March 30, 2015

Everything changes but the number

In the past I have written about the horror of porting numbers between landline/voip/wireless carriers.

Recently we've had some changes at home and my wife is changing her employer. She's had the same cell phone number from her job for 14 years and they were nice enough to let her keep it. I'll spare you the details, but it took about three weeks to get everything worked out. This is what I learned from the process:

Porting a phone from a business account to a personal account is a pain, since they never want to share the Tax ID or account number.

Glyde might have great prices online, but beware, as three of my transactions were cancelled due to the seller not completing the deal. A waste of time.

You can purchase a used/refurbished phone that has a Clean ESN, but if the phone isn't unlocked from the carrier and the account balance from the previous owner is not settled you are pretty screwed. I was lucky that the Amazon seller was nice enough to provide a replacement phone, since technically they had sold me exactly what was stated. The back and forth wasted a lot more time.

I use Ting as my carrier and spent a lot of time on the phone with them trying to work out this situation. While it did take a while, they went above and beyond to help me resolve the situation. Since they are an MVNO, they have their hands tied by Sprint and T-Mobile in what type of phone issues they can resolve or what they can put on the network.

December 07, 2014

Amazon Firestick - Part 2

After singing the praises of the Firestick in my last blog post, I've had some more experience playing with the unit. Last night was the first time I've had some network delay issues with 1080P content, but nothing really terrible.

The big thing for me was looking at apps to do local streaming. After doing a few Google searches, I found that while XBMC is not an option from the Amazon store, you can "side load" the application. While not seamless, running XBMC on the Firestick is pretty amazing. Streaming local 1080P content over my local network works like a charm. If you are looking to do this, read these links. As of the next release XBMC will be officially known as Kodi.

Using this method, you can load a lot of other APK file packaged applications beyond what I've mentioned.

December 05, 2014

Amazon Firestick

When I came home from running errands the day before Thanksgiving, there it was on my doorstep, the Amazon Firestick. As you may have read, I've been playing with the Google Chromecast units and have had lots of fun messing with them. When the Firestick was announced a few weeks ago at $19.99 USD I couldn't pass it up, since my wife has an Amazon Prime addiction. As I type this I'm watching an Amazon Prime HD movie and it has yet to hiccup. Here are some of my thoughts:

The UI is fast compared to the Amazon Prime app on my Panasonic BluRay player

The same BluRay player above has network stutters, so I assume the Firestick has more buffer memory

The unit was preconfigured at the factory to hook into my wife's account. Sorta cool or sorta creepy depending on if you were buying it for yourself or for a gift.

The Wi-Fi also does 5.8GHz, which is pretty awesome.

It has Miracast built in. That's cool to have, but I never use it.

We've been playing with this thing for a little over a week now and it is pretty awesome. It doesn't seem to stutter on 1080P content. If you have Amazon Prime, this thing is something that you want to have, but if you are buying your content from random sources, a Roku might be a better choice.

November 15, 2014

Rant

I guess blogging has sort of gone out of style. There isn't really much to say right now, but I can leave you with these nuggets of information.

While I don't use it, my wife is enamoured with Etsy. On the surface it is all artsy, but it is pretty much the best place to buy trademark infringing custom Disney apparel. Sort of like a game of whack-a-mole with vendors from what I understand.

Maybe I don't hang in the right crowds, but I personally don't find the appeal of Pinterest. The whole concept of using "curate" as a verb and spending time organizing content that has already been generated feels like a waste of time. I'd be terrible at making investment decisions for internet companies, because it seems that every mother at my son's school uses it for anything that is arts and crafts related.

July 05, 2014

RAND Cybersecurity Workforce Study

I read this RAND study last weekend and had a chance to share it with several people in the workplace last week. In my experience this has been one of the most on-target papers on hiring, training, and retaining talent in the "cyber security" space for government work.

While overall I think this is a great piece of writing, there are some problems. First, if you ask three people what "cyber security" entails, you'll get three different answers. Another fairly minor issue is that the researchers assume that USG employees doing jobs within the "cyber security" realm in the civilian space are 2210s. In the real world we all know that, depending on the flavor of work, the job may fall under different GSA categories such as 0132, 0391, 0801, 0850, 0854, 0855, 0856, 1540, 1541 or 1550, or even be a secondary role for an 1801 or 1811.

May 31, 2014

The Only Game in Town - Part 2

As I have mentioned before, I am a Comcast/Xfinity customer at home, not from choice, but from lack of it. While I complain a lot about their video offering and craptastic DVR, overall their Internet bandwidth and latency are amazing and their phone service is quite clear and is virtually indistinguishable from a standard POTS line (and I can send SuperG3 33.6Kbps faxes to boot... try that on any VOIP carrier).

I originally started this blog post a few months ago, only to have life pop up and give me more important things to deal with. Since then, my bill has crept up by around $20 USD per month since my initial install.

A few weeks ago I went back and checked with all the other broadband players in my ZIP code to see what they are offering. I was surprised to hear that AT&T had rolled out 6Mbps service in my neighborhood. That would be exciting if it were 2001 again, but I guess it is much better than the 3Mbps service they had been promoting. Since DSLextreme and Sonic.net (two of my favorite small ISPs) use the AT&T cable plant, you are stuck at 6 megs with them as well.

Without any real options for switching, I called Comcast and gave the whole faux argument that I might switch and was looking at lower cost providers. They backed down pretty quickly and gave me $50 off my bill every month to go into a 24-month contract. As much as I hate contracts, I can't imagine AT&T rolling out Uverse TV and high speed internet in my neighborhood in the next two years.

It is nice to save money, but it is an empty feeling to know that there are no other viable (i.e. fast and affordable) options where I live. There are whole geographic regions in Africa that share a single VSAT internet connection, so I should really shut up and be thankful. Note to self: Evaluate Internet options in 2016.

April 02, 2014

Incoming SMTP on a budget AKA Keep on rollin'

Sometimes you need to run a service on your home computer(s), but due to previous patterns of abuse by other customers, your broadband provider blocks certain inbound services. I totally understand that need. Normally you have the option to use a non-privileged and non-standard port, and as long as you don't serve up too much traffic the ISP won't try to convert you to a business account.

The broadband provider that I have at home blocks a bunch of different ports, including Port 25, which is what I needed to run an SMTP server at home. For a normal user this would be silly, but I still need to receive mail on an old sub-domain that is assigned to me, while I do not control the primary domain or the MX servers for it.

I had access to a friend's business class service that had a spare static IP, which allowed me to do a few experiments. There are several pieces of software for Windows that will do port translation, but none that are free, and if I was willing to spend the money in the first place, I would have sprung for business class service at home with static IP addresses and unblocked ports.

It is more fun to tinker and try to come up with solutions, even if you expend more time and effort.

I cobbled together a few different Linux solutions that worked to some extent.

The first was an experiment using Netcat. Basically, using Netcat you can create (as root) two different Netcat processes connected via a pipe. One Netcat listens on the default interface on Port 25. The other Netcat creates a connection to the server at home on a different port. The nice thing about this solution is that it is pretty simple and also works for HTTP and a few other protocols. Netcat will resolve a DNS name for the outbound connection, so if you were to use a dynamic DNS service you could have a flexible solution. The thing that is terrible is that you have to run it as root, and after a period of time (at the end of the connection on the incoming side, or a timeout on the outgoing side) Netcat dies and you have to respawn the process. The other awful thing is that this uses an incredible amount of CPU time.

I came up with another solution that was a bit better since it was in user space. I put a Linux machine behind a junk pile firewall and did a simple NAT to take the public IP address and port 25 and map it to the Linux machine sitting in an RFC 1918 address range on a non-privileged port. This allowed me to use ssh tunnels to accept traffic on that Linux machine and send it to the mail server directly over the ssh link. The performance on this was somewhat spotty, but it performed OK. The advantage of this is that you can connect to a Dynamic DNS host for the ssh tunnel and automate the logins if you use session keys.

That was still a bit clunky, so I Googled a bit on iptables. Most examples I found on the web used port forwarding to do what I wanted, but by using the NAT table to map from public to private IP space. What I was looking to do was basically to take traffic on an untrusted interface and shoot it back out that same untrusted interface on a different TCP port so it could hit my home server. I had used the open source version of Smoothwall in the past at home and knew that it used iptables, so I downloaded an ISO and spun up a system on the public IP address that was available to me. Bingo.

The port forwarding rules allow you to take inbound traffic on your red interface and forward it back out that same interface. Most other firewalls of that grade (i.e. free or open source) limit your port forwarding to an address behind your trusted interface or on an RFC 1918 address that you are NATting to. The beauty of this solution is that it is completely transparent and is only limited by the bandwidth constraints of the network that feeds your public IP address. The downside is that it only works properly with a fixed IP address. You could write a script that does an nslookup of the A record attached to your dynamic DNS name and then programs your iptables configuration with the result. In the end it would take a bit more work to make things work smoothly.
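Here is the hairpin described above spelled out as raw iptables rules, together with the dynamic DNS refresh script the post only sketches. This is an added example, not the author's Smoothwall configuration; the interface name eth0, the name home.example.net, port 2525 and the state file path are placeholders, and it assumes dig and iptables are installed.

```shell
#!/bin/sh
# Added example, not the author's setup: hairpin inbound TCP/25 on the public ("red")
# interface back out the same interface to a home server found via a dynamic DNS name.
RED_IF="${RED_IF:-eth0}"                         # assumed public interface
DDNS_NAME="${DDNS_NAME:-home.example.net}"       # placeholder dynamic DNS name
HOME_PORT="${HOME_PORT:-2525}"                   # non-privileged port the home MTA listens on
STATE_FILE="${STATE_FILE:-/var/run/smtp-hairpin.ip}"
# Resolve the A record with dig; prints one dotted quad or nothing.
resolve_home_ip() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}
# Only a well-formed IPv4 address may reach an iptables command line.
valid_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}
# Print the iptables commands for one home IP. Dedicated chains are flushed on every refresh
# so a new address replaces the old one. The MASQUERADE rule is what makes the hairpin work:
# without it the home server would answer the client from an address it never talked to.
hairpin_rules() {
    home_ip=$1
    cat <<EOF
iptables -t nat -N SMTP_DNAT 2>/dev/null || iptables -t nat -F SMTP_DNAT
iptables -t nat -N SMTP_SNAT 2>/dev/null || iptables -t nat -F SMTP_SNAT
iptables -N SMTP_FWD 2>/dev/null || iptables -F SMTP_FWD
iptables -t nat -C PREROUTING -i $RED_IF -p tcp --dport 25 -j SMTP_DNAT 2>/dev/null || iptables -t nat -A PREROUTING -i $RED_IF -p tcp --dport 25 -j SMTP_DNAT
iptables -t nat -C POSTROUTING -o $RED_IF -p tcp -j SMTP_SNAT 2>/dev/null || iptables -t nat -A POSTROUTING -o $RED_IF -p tcp -j SMTP_SNAT
iptables -C FORWARD -i $RED_IF -o $RED_IF -p tcp -j SMTP_FWD 2>/dev/null || iptables -A FORWARD -i $RED_IF -o $RED_IF -p tcp -j SMTP_FWD
iptables -t nat -A SMTP_DNAT -p tcp -j DNAT --to-destination $home_ip:$HOME_PORT
iptables -t nat -A SMTP_SNAT -p tcp -d $home_ip --dport $HOME_PORT -j MASQUERADE
iptables -A SMTP_FWD -p tcp -d $home_ip --dport $HOME_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A SMTP_FWD -p tcp -s $home_ip --sport $HOME_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
sysctl -q -w net.ipv4.ip_forward=1
EOF
}
# Re-resolve and reprogram only when the address changed; run this from cron every few minutes.
refresh() {
    ip=$(resolve_home_ip "$DDNS_NAME")
    valid_ipv4 "$ip" || { echo "refusing to program rules: bad lookup '$ip'" >&2; return 1; }
    last=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$ip" = "$last" ] && return 0
    hairpin_rules "$ip" | sh -e && echo "$ip" > "$STATE_FILE"
}
case "${1:-}" in refresh) refresh ;; esac
```

Run it as `sh smtp-hairpin.sh refresh` from root's crontab; a failed or malformed lookup leaves the existing rules in place rather than programming garbage into the NAT table.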

While that was a fun experiment, the best free solution I found was to use a mail redirection service from a company called Rollernet. They accept mail for you on their SMTP servers, check it against a list of domains that you own, run it through a spam filter, check it against a valid recipient list, and finally send it off to a server and port combination that you own. Right now they give you 10Mb of free mail transfer a day, and give you the option to defer mail that is beyond that cap until the next day. You can't beat the price, as long as you are able to give up a little bit of control. In my case that was an acceptable risk to be able to keep a mail domain that has long gone dormant, but still gets valid emails from time to time.